--%> SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)
[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Arbitrary code execution vulnerability in Apple Mac OS X - APPLE-SA-2014-09-29-1

ID: oval:org.secpod.oval:def:21353Date: (C)2014-10-13   (M)2017-10-12
Class: PATCHFamily: macos




The host is missing a security update according to Apple advisory, APPLE-SA-2014-09-29-1. The update is required to fix arbitrary code execution vulnerability. The flaw is present in the Bash's parsing of environment variables, which fails to handle certain vectors related to memory and crafted data. Successful exploitation allows attackers to execute remote code and have other impact.

Platform:
Apple Mac OS X 10.8
Apple Mac OS X 10.9
Apple Mac OS X 10.10
Apple Mac OS X Server 10.8
Apple Mac OS X Server 10.9
Apple Mac OS X Server 10.10
Reference:
APPLE-SA-2014-09-29-1
CVE-2014-6271
CVE-2014-7169
CVE    2
CVE-2014-7169
CVE-2014-6271
CPE    2
cpe:/o:apple:mac_os_x_server
cpe:/o:apple:mac_os_x

© 2013 SecPod Technologies